Difference between revisions of "Risk Treatment"
(3 intermediate revisions by 2 users not shown) | |||
Line 1: | Line 1: | ||
{| style="margin-left: 0px; text-align: left; font-style: none; width:100%; font-weight: none; background: #F0F0F0; border:1px " | {| style="margin-left: 0px; text-align: left; font-style: none; width:100%; font-weight: none; background: #F0F0F0; border:1px " | ||
− | | '''1.''' Risk Treatment is the selection and implementation of appropriate options for dealing with [[risk]]. | + | | '''1.''' Risk Treatment is the selection and implementation of appropriate options for dealing with [[risk]]. |
+ | |||
{{Template:BL-BCM-5Banner}} | {{Template:BL-BCM-5Banner}} | ||
[[image:ISO31000 Risk Management Process.png|thumb|right|300px|Risk Treatment as part of the ISO31000 Risk Management Framework]] | [[image:ISO31000 Risk Management Process.png|thumb|right|300px|Risk Treatment as part of the ISO31000 Risk Management Framework]] | ||
− | |||
− | |||
+ | The options for the Risk Treatment include: | ||
*[[Risk Avoidance]] | *[[Risk Avoidance]] | ||
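Review bot: The added lead-in "The options for the Risk Treatment include:" carries a stray article ("the Risk Treatment"), which reads oddly next to the definition line above it where the term has no article. Suggest "Risk Treatment options include:" so the sentence introducing the list matches the term as defined in item 1.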
Line 12: | Line 12: | ||
*[[Risk Acceptance]] | *[[Risk Acceptance]] | ||
− | Related Terms: [[Risk Management]], [[Risk Tolerance]], [[Residual Risk]]. | + | |
+ | '''Related Terms''': [[Risk Management]], [[Risk Tolerance]], [[Residual Risk]]. | ||
'''Note (1)''': [[Risk Reduction]] is used as a preferred term to Risk Termination or [[Risk Mitigation]]. | '''Note (1)''': [[Risk Reduction]] is used as a preferred term to Risk Termination or [[Risk Mitigation]]. | ||
Line 35: | Line 36: | ||
|} | |} | ||
{{Template: BookMGISO22301}} | {{Template: BookMGISO22301}} | ||
− | + | {{Template:BookPSRAR}} | |
[[Category:BCM Institute Glossary]] | [[Category:BCM Institute Glossary]] | ||
Line 46: | Line 47: | ||
− | '''2.''' Process of | + | '''2.''' Process of selecting and implementing measures to modify risk. |
'''''Notes (1)''''' : The term “risk treatment” is sometimes used for the measures themselves. | '''''Notes (1)''''' : The term “risk treatment” is sometimes used for the measures themselves. | ||
Line 62: | Line 63: | ||
'''''Notes (1)''''' : Risk treatment can involve: | '''''Notes (1)''''' : Risk treatment can involve: | ||
*avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk; | *avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk; | ||
− | *taking or increasing risk | + | *taking or increasing risk to pursue an opportunity; |
*removing the risk source (2.16); | *removing the risk source (2.16); | ||
*changing the likelihood (2.19); | *changing the likelihood (2.19); | ||
Line 70: | Line 71: | ||
'''''Notes (2)''''': Risk treatments that deal with negative consequences are sometimes referred to as “risk mitigation”, “risk | '''''Notes (2)''''': Risk treatments that deal with negative consequences are sometimes referred to as “risk mitigation”, “risk | ||
− | elimination”, “risk prevention” and “risk reduction”. | + | elimination”, “risk prevention”, and “risk reduction”. |
'''''Notes (3)''''' : Risk treatment can create new risks or modify existing risks. | '''''Notes (3)''''' : Risk treatment can create new risks or modify existing risks. | ||
Line 88: | Line 89: | ||
|'''5.''' The selection and implementation of relevant options for managing [[risk]]. The key treatments include: | |'''5.''' The selection and implementation of relevant options for managing [[risk]]. The key treatments include: | ||
* Acceptance - [[risk|risks]] are retained by the [[organization]] | * Acceptance - [[risk|risks]] are retained by the [[organization]] | ||
− | * Avoidance - deciding not to carry on with the proposed [[Activity|activities]] due to the [[risk]] being unacceptable or finding another | + | * Avoidance - deciding not to carry on with the proposed [[Activity|activities]] due to the [[risk]] being unacceptable or finding another more acceptable alternative. |
* Reduction - reducing the [[likelihood]] and/or consequence of the [[risk]] | * Reduction - reducing the [[likelihood]] and/or consequence of the [[risk]] | ||
− | * Transfer - transferring the [[risk]] in part or | + | * Transfer - transferring the [[risk]] in part or totality to another. Insurance is an example of [[Risk Transfer|risk transfer]]. |
('''Source:''' Business Continuity Institute - BCI) | ('''Source:''' Business Continuity Institute - BCI) |
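Review bot: The completed Avoidance and Transfer bullets sit inside a definition attributed to BCI on the "Source:" line, so the restored endings should be checked against that source rather than reworded freely. As written, "finding another more acceptable alternative" is redundant ("another ... alternative"), and "in part or totality to another" lacks both a second "in" and an object such as "party". The Avoidance bullet also now ends with a period while the Acceptance and Reduction bullets do not; make the list punctuation consistent.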
Latest revision as of 05:59, 10 September 2022
1. Risk Treatment is the selection and implementation of appropriate options for dealing with risk.
The options for the Risk Treatment include:
Note (1): Risk Reduction is used as a preferred term to Risk Termination or Risk Mitigation.
Note (2): Often, there will be residual risk which cannot be removed totally as it is not cost-effective to do so, hence, the acceptance of risk.
Note (3): Risk Acceptance is sometimes referred to as Risk Tolerance.
Note (4): The highest rated risks should be addressed as a matter of urgency.
2. Process of selecting and implementing measures to modify risk.
Notes (1) : The term “risk treatment” is sometimes used for the measures themselves.
Notes (2) : Risk treatment measures can include avoiding, optimizing, transferring or retaining risk.
(Source: ISO 22399:2007 – Societal Security - Guideline for Incident Preparedness and Operational Continuity Management) - clause 3.42
- avoiding the risk by deciding not to start or continue with the activity that gives rise to the risk;
- taking or increasing risk to pursue an opportunity;
- removing the risk source (2.16);
- changing the likelihood (2.19);
- changing the consequences (2.18);
- sharing the risk with another party or parties (including contracts and risk financing); and
- retaining the risk by informed decision.
4. The selection and implementation of appropriate options for dealing with risk.
(Source: Singapore Standard 540 - SS 540:2008)
5. The selection and implementation of relevant options for managing risk. The key treatments include:
(Source: Business Continuity Institute - BCI)
6. A systematic process of deciding which risks can be eliminated or reduced by remedial action and which must be tolerated.
(Source: ENISA - the European Network and Information Security Agency. BCM & Resilience Glossary)